
Example 1 with Certificate

use of org.nhind.config.Certificate in project nhin-d by DirectProject.

the class WSSmtpAgentConfigFunctional_Test method addCertificatesToConfig.

/**
 * Registers one certificate entry with the configuration service.
 * <p>
 * When no key file is given only the public certificate bytes are stored; otherwise the
 * certificate and key are bundled into a PKCS#12 blob, so the stored data then carries
 * private key material.
 *
 * @param certFilename certificate file to load
 * @param keyFileName  matching private key file, or {@code null} to store the cert alone
 * @param email        owner recorded on the certificate entry
 * @throws Exception propagated from the loaders and the service proxy
 */
protected void addCertificatesToConfig(String certFilename, String keyFileName, String email) throws Exception {
    final byte[] certData = (keyFileName == null)
            ? loadCertificateData(certFilename)
            : loadPkcs12FromCertAndKey(certFilename, keyFileName);
    final Certificate entry = new Certificate();
    entry.setData(certData);
    entry.setOwner(email);
    proxy.addCertificates(new Certificate[] { entry });
}

Example 2 with Certificate

use of org.nhind.config.Certificate in project nhin-d by DirectProject.

the class NHINDSecurityAndTrustMailet_initialization_Test method testValidMailetConfiguration_AssertProperWSInitialization.

/**
 * Boots the configuration web service, seeds it with two domains and their trust anchors,
 * then checks that the mailet picks up the {@code ConfigURL} init parameter pointing at it.
 *
 * @throws Exception propagated from the test plan
 */
public void testValidMailetConfiguration_AssertProperWSInitialization() throws Exception {
    new TestPlan() {

        // Created in cleanConfig() and shared by the add* helpers.
        private ConfigurationServiceProxy proxy;

        @Override
        protected MailetConfig getMailetConfig() throws Exception {
            ConfigServiceRunner.startConfigService();
            // Order matters: cleanConfig() builds the proxy the following helpers rely on.
            cleanConfig();
            addDomains();
            addTrustAnchors();
            Map<String, String> params = new HashMap<String, String>();
            params.put("ConfigURL", ConfigServiceRunner.getConfigServiceURL());
            return new MockMailetConfig(params, "NHINDSecurityAndTrustMailet");
        }

        protected void addDomains() throws Exception {
            registerDomain("cerner.com");
            registerDomain("securehealthemail.com");
        }

        // Adds one domain whose postmaster address is derived from its name.
        private void registerDomain(String domainName) throws Exception {
            Domain domain = new Domain();
            domain.setDomainName(domainName);
            domain.setPostMasterEmail("postmaster@" + domainName);
            proxy.addDomain(domain);
        }

        protected void addTrustAnchors() throws Exception {
            Anchor[] anchors = new Anchor[] {
                trustAnchorFor("cerner.com"),
                trustAnchorFor("securehealthemail.com")
            };
            proxy.addAnchor(anchors);
        }

        // Builds an anchor trusted for both directions, backed by the shared test CA cert.
        private Anchor trustAnchorFor(String owner) throws Exception {
            Anchor anchor = new Anchor();
            anchor.setData(getCertificateFileData("cacert.der"));
            anchor.setOwner(owner);
            anchor.setIncoming(true);
            anchor.setOutgoing(true);
            return anchor;
        }

        // Wipes every domain, anchor, certificate and setting on the service the runner
        // points at. This is destructive, so it must only ever target the test instance.
        protected void cleanConfig() throws Exception {
            proxy = new ConfigurationServiceProxy(ConfigServiceRunner.getConfigServiceURL());
            // Domains first; each domain's anchors go before the domain itself.
            final int domainCount = proxy.getDomainCount();
            final Domain[] existingDomains = proxy.listDomains(null, domainCount);
            if (existingDomains != null) {
                for (Domain existing : existingDomains) {
                    proxy.removeAnchorsForOwner(existing.getDomainName());
                    proxy.removeDomain(existing.getDomainName());
                }
            }
            // 0x8FFFF is just a "large enough" page size for listing all certificates.
            final Certificate[] existingCerts = proxy.listCertificates(0, 0x8FFFF, null);
            if (existingCerts != null) {
                for (Certificate existing : existingCerts) {
                    proxy.removeCertificatesForOwner(existing.getOwner());
                }
            }
            final Setting[] existingSettings = proxy.getAllSettings();
            if (existingSettings != null) {
                for (Setting existing : existingSettings) {
                    proxy.deleteSetting(new String[] { existing.getName() });
                }
            }
        }

        @Override
        protected void doAssertions(NHINDSecurityAndTrustMailet agent) throws Exception {
            assertNotNull(agent);
            assertNotNull(agent.getInitParameter("ConfigURL"));
            assertEquals(ConfigServiceRunner.getConfigServiceURL(), agent.getInitParameter("ConfigURL"));
        }
    }.perform();
}

Example 3 with Certificate

use of org.nhind.config.Certificate in project nhin-d by DirectProject.

the class AddDomainCAAndPrivCert method main.

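/**
 * Command-line entry point: registers a domain with the configuration service, attaches
 * its CA certificate as a trust anchor, and uploads the domain's PKCS#12 bundle as its
 * certificate.
 * <p>
 * Expected arguments, in order: config service URL, domain name, CA common name,
 * certificate common name. The PKCS#12 bundle uploaded here contains private key
 * material, so the service URL should be a trusted (ideally TLS) endpoint.
 *
 * @param args see above; a usage message is printed and the process exits with status 1
 *             when fewer than four arguments are supplied
 */
public static void main(String[] args) {
    if (args.length < 4) {
        System.err.println("Usage: AddDomainCAAndPrivCert <configServiceUrl> <domainName> <caCommonName> <certCommonName>");
        System.exit(1);
    }
    final String configServiceUrl = args[0];
    final String domainName = args[1];
    final String caCommonName = args[2];
    final String certCommonName = args[3];
    try {
        final ConfigurationServiceProxy cfService = new ConfigurationServiceProxy(configServiceUrl);
        final Domain domain = new Domain();
        domain.setDomainName(domainName);
        domain.setPostMasterEmail("postmaster@" + domainName);
        domain.setStatus(EntityStatus.ENABLED);
        cfService.addDomain(domain);
        // now add the anchor and cert
        final File caFile = AbstractCertCreator.createNewFileName(caCommonName, false);
        final Anchor anchor = new Anchor();
        anchor.setData(FileUtils.readFileToByteArray(caFile));
        anchor.setOwner(domainName);
        anchor.setIncoming(true);
        anchor.setOutgoing(true);
        anchor.setStatus(EntityStatus.ENABLED);
        cfService.addAnchor(new Anchor[] { anchor });
        final File certFile = AbstractCertCreator.createNewFileName(certCommonName, false);
        final String certFileName = certFile.getName();
        // The .p12 name is derived from the .der name; fail clearly instead of with a
        // StringIndexOutOfBoundsException when the suffix is missing.
        final int idx = certFileName.lastIndexOf(".der");
        if (idx < 0) {
            throw new IllegalStateException("Expected a .der certificate file name but got: " + certFileName);
        }
        final String p12FileName = certFileName.substring(0, idx) + ".p12";
        // NOTE(review): certFile.getName() drops the directory, so the .p12 is resolved
        // against the working directory rather than certFile's directory — confirm that is
        // where the bundle is written.
        final Certificate cert = new Certificate();
        cert.setData(FileUtils.readFileToByteArray(new File(p12FileName)));
        cert.setStatus(EntityStatus.ENABLED);
        // NOTE(review): unlike the anchor above, no owner is set on the certificate entry;
        // verify the service can associate it with the domain without one.
        cfService.addCertificates(new Certificate[] { cert });
    } catch (Exception e) {
        e.printStackTrace();
    }
}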

Example 4 with Certificate

use of org.nhind.config.Certificate in project nhin-d by DirectProject.

the class DNSServer_Function_Test method xCertToCert.

/**
 * Wraps an X.509 certificate as a configuration-service certificate entry, with the
 * owner derived from the certificate and the data set to its DER encoding.
 *
 * @param cert certificate to convert
 * @return the populated configuration entry
 * @throws Exception propagated from owner lookup or encoding
 */
private Certificate xCertToCert(X509Certificate cert) throws Exception {
    final Certificate configCert = new Certificate();
    final String owner = DNSRecordUtil.getCertOwner(cert);
    configCert.setOwner(owner);
    configCert.setData(cert.getEncoded());
    return configCert;
}

Example 5 with Certificate

use of org.nhind.config.Certificate in project nhin-d by DirectProject.

the class ConfigServiceDNSStore method processCERTRecordRequest.

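/**
 * Processes all DNS CERT requests.
 * <p>
 * The certificate service stores owners with an "@" in the address, whereas the DNS name
 * has every "@" flattened to ".", so a miss on the literal name is retried with each "."
 * swapped for "@" in turn, left to right, until the service returns something. Each stored
 * certificate is then emitted as a PKIX CERT record if its data yields a certificate
 * (possibly with wrapped private key data) that complies with the configured policy; data
 * that does not yield a certificate is validated as a URL and emitted as a URI CERT record.
 * @param name The record name.  In many cases this a email address.
 * @return Returns a set of record responses to the request, or {@code null} when no
 *         matching, policy-compliant entry exists.
 * @throws DNSException with SERVFAIL when the certificate service call fails or record
 *         data cannot be parsed.
 */
protected RRset processCERTRecordRequest(String name) throws DNSException {
    if (name.endsWith("."))
        name = name.substring(0, name.length() - 1);
    Certificate[] certs;
    // use the certificate configuration service
    try {
        certs = proxy.getCertificatesForOwner(name, null);
    } catch (Exception e) {
        throw new DNSException(DNSError.newError(Rcode.SERVFAIL), "DNS service proxy call for certificates failed: " + e.getMessage(), e);
    }
    if (certs == null || certs.length == 0) {
        // unless the call above was for an org level cert, it will probably always fail because the
        // "name" parameter has had all instances of "@" replaced with ".".  The certificate service 
        // stores owners using "@".
        // This is horrible, but try hitting the cert service replacing each "." with "@" one by one.
        // Start at the beginning of the address because this is more than likely where the "@" character
        // will be. The number of service calls is bounded by the number of "." in the query name.
        int previousIndex = 0;
        int replaceIndex = 0;
        while ((replaceIndex = name.indexOf(".", previousIndex)) > -1) {
            char[] chars = name.toCharArray();
            chars[replaceIndex] = '@';
            try {
                certs = proxy.getCertificatesForOwner(String.copyValueOf(chars), null);
            } catch (Exception e) {
                throw new DNSException(DNSError.newError(Rcode.SERVFAIL), "DNS service proxy call for certificates failed: " + e.getMessage(), e);
            }
            if (certs != null && certs.length > 0)
                break;
            if (replaceIndex >= (name.length() - 1))
                break;
            previousIndex = replaceIndex + 1;
        }
    }
    if (certs == null || certs.length == 0)
        return null;
    // records are built with the fully qualified (dot-terminated) name
    if (!name.endsWith("."))
        name += ".";
    RRset retVal = new RRset();
    try {
        for (Certificate cert : certs) {
            int certRecordType = CERTRecord.PKIX;
            byte[] retData = null;
            X509Certificate xCert = null;
            try {
                // need to convert to cert container because this might be 
                // a certificate with wrapped private key data; only the public
                // certificate's encoding is ever published in the record
                final CertUtils.CertContainer cont = CertUtils.toCertContainer(cert.getData());
                xCert = cont.getCert();
                // check if this is a compliant certificate with the configured policy... if not, move on
                if (!isCertCompliantWithPolicy(xCert))
                    continue;
                retData = xCert.getEncoded();
            } catch (CertificateConversionException e) {
            // probably not a Certificate... might be a URL
            }
            if (xCert == null) {
                // see if it's a URL: the constructor is used purely for validation,
                // a malformed value surfaces as SERVFAIL below
                try {
                    retData = cert.getData();
                    // NOTE(review): decoded with the platform default charset; URI data is
                    // presumably ASCII — confirm
                    new URL(new String(retData));
                    certRecordType = CERTRecord.URI;
                } catch (Exception e) {
                    throw new DNSException(DNSError.newError(Rcode.SERVFAIL), "Failure while parsing CERT record data: " + e.getMessage(), e);
                }
            }
            int keyTag = 0;
            int alg = 0;
            if (xCert != null && xCert.getPublicKey() instanceof RSAKey) {
                RSAKey key = (RSAKey) xCert.getPublicKey();
                byte[] modulus = key.getModulus().toByteArray();
                // NOTE(review): this mirrors the RFC 4034 Appendix B.1 modulus-octet shortcut,
                // which that appendix defines for algorithm 1 only, while alg below is 5;
                // the exact octets to use should be confirmed against the RFC.
                keyTag = (modulus[modulus.length - 2] << 8) & 0xFF00;
                keyTag |= modulus[modulus.length - 1] & 0xFF;
                alg = 5;
            }
            CERTRecord rec = new CERTRecord(Name.fromString(name), DClass.IN, 86400L, certRecordType, keyTag, alg, /*public key alg, RFC 4034*/
            retData);
            retVal.addRR(rec);
        }
    } catch (Exception e) {
        // also re-wraps a DNSException thrown inside the loop
        throw new DNSException(DNSError.newError(Rcode.SERVFAIL), "Failure while parsing CERT record data: " + e.getMessage(), e);
    }
    // policy filtering may have skipped every certificate, resulting in an empty RR set
    return (retVal.size() == 0) ? null : retVal;
}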
